Sec+ 601 study guide Part 9 Flashcards
Which of the following environments minimizes end-user disruption and is MOST likely to be used to assess the impacts of any database migrations or major system changes by using the final version of the code?
A. Staging
B. Test
C. Production
D. Development
B. Test
An attacker is attempting to exploit users by creating a fake website with the URL www.validwebsite.com. The attacker’s intent is to imitate the look and feel of a legitimate website to obtain personal information from unsuspecting users.
Which of the following social engineering attacks does this describe?
A. Information elicitation
B. Typo squatting
C. Impersonation
D. Watering-hole attack
B. Typo squatting
A security operations analyst is using the company’s SIEM solution to correlate alerts. Which of the following stages of the incident response process is this an example of?
A. Eradication
B. Recovery
C. Identification
D. Preparation
C. Identification
To reduce overhead, an organization wants to move from an on-premises email solution to a cloud-based email solution. At this time no other services will be moving. Which of the following cloud models would BEST meet the needs of the organization?
A. MaaS
B. IaaS
C. SaaS
D. PaaS
B. IaaS
A security analyst is reviewing the following command-line output:
Internet Address    Physical Address     Type
192.168.1.1         aa-bb-cc-00-11-22    dynamic
192.168.1.2         aa-bb-cc-00-11-22    dynamic
192.168.1.3         aa-bb-cc-00-11-22    dynamic
192.168.1.4         aa-bb-cc-00-11-22    dynamic
192.168.1.5         aa-bb-cc-00-11-22    dynamic
--output omitted--
192.168.1.251       aa-bb-cc-00-11-22    dynamic
192.168.1.252       aa-bb-cc-00-11-22    dynamic
192.168.1.253       aa-bb-cc-00-11-22    dynamic
192.168.1.254       aa-bb-cc-00-11-22    dynamic
192.168.1.255       ff-ff-ff-ff-ff-ff    dynamic
Which of the following is the analyst observing?
A. ICMP spoofing
B. URL redirection
C. MAC address cloning
D. DNS poisoning
C. MAC address cloning
A security analyst is reviewing logs on a server and observes the following output:
01/01/2020 03:33:23 admin attempted login with password sneak
01/01/2020 03:33:32 admin attempted login with password sneaked
01/01/2020 03:33:41 admin attempted login with password sneaker
01/01/2020 03:33:50 admin attempted login with password sneer
01/01/2020 03:33:59 admin attempted login with password sneeze
01/01/2020 03:34:08 admin attempted login with password sneezy
Which of the following is the security analyst observing?
A. A rainbow table attack
B. A password-spraying attack
C. A dictionary attack
D. A keylogger attack
C. A dictionary attack
A symmetric encryption algorithm is BEST suited for:
A. key-exchange scalability
B. protecting large amounts of data
C. providing hashing capabilities
D. implementing non-repudiation
B. protecting large amounts of data
An engineer wants to access sensitive data from a corporate-owned mobile device. Personal data is not allowed on the device.
Which of the following MDM configurations must be considered when the engineer travels for business?
A. Screen locks
B. Application management
C. Geofencing
D. Containerization
D. Containerization
An enterprise has hired an outside security firm to facilitate penetration testing on its network and applications. The firm has agreed to pay for each vulnerability that is discovered. Which of the following BEST represents the type of testing that is being used?
A. White-box
B. Red-team
C. Bug bounty
D. Gray-box
E. Black-box
C. Bug bounty
An organization blocks user access to command-line interpreters, but hackers still managed to invoke the interpreters using native administrative tools. Which of the following should the security team do to prevent this from happening in the future?
A. Implement HIPS to block inbound and outbound SMB ports 139 and 445.
B. Trigger a SIEM alert whenever the native OS tools are executed by the user.
C. Disable the built-in OS utilities as long as they are not needed for functionality.
D. Configure the AV to quarantine the native OS tools whenever they are executed.
C. Disable the built-in OS utilities as long as they are not needed for functionality.
compatibility issues. The OSs are still supported by the vendor, but the industrial software is no longer supported. The Chief Information Security Officer (CISO) has created a resiliency plan for these systems that will allow OS patches to be installed in a non-production environment, while also creating backups of the systems for recovery. Which of the following resiliency techniques will provide these capabilities?
A. Redundancy
B. RAID 1+5
C. Virtual machines
D. Full backups
D. Full backups
A Chief Executive Officer’s (CEO) personal information was stolen in a social engineering attack.
Which of the following sources would reveal if the CEO’s personal information is for sale?
A. Automated information sharing
B. Open-source intelligence
C. The dark web
D. Vulnerability databases
C. The dark web
A security researcher is tracking an adversary by noting its attacks and techniques based on its capabilities, infrastructure, and victims. Which of the following is the researcher MOST likely using?
A. The Diamond Model of Intrusion Analysis
B. The Cyber Kill Chain
C. The MITRE CVE database
D. The incident response process
A. The Diamond Model of Intrusion Analysis
A company notices that at 10 a.m. every Thursday, three users’ computers become inoperable. The security analyst team discovers a file called where.pdf.exe that runs on system startup. The contents of where.pdf.exe are shown below:
@echo off
if [c:\file.txt] deltree C:\
Based on the above information, which of the following types of malware was discovered?
A. Rootkit
B. Backdoor
C. Logic bomb
D. RAT
C. Logic bomb
A security engineer deploys a certificate from a commercial CA to the RADIUS server for use with the EAP-TLS wireless network. Authentication is failing, so the engineer examines the certificate’s properties:
Issuer: (A commercial CA)
Valid from: (yesterday’s date)
Valid to: (one year from yesterday’s date)
Subject: CN=smithco.com
Public key: RSA (2048 bits)
Enhanced key usage: Client authentication (1.3.6.1.5.5.7.3.2)
Key usage: Digital signature, key encipherment (a0)
Which of the following is the MOST likely cause of the failure?
A. The certificate is missing the proper OID.
B. The certificate is missing wireless authentication in key usage.
C. The certificate is self-signed.
D. The certificate has expired.
A. The certificate is missing the proper OID.